Blog post

My Detection Confidence Survey Results

By Anton Chuvakin | February 19, 2016 | 0 Comments

securitymonitoring

A few weeks ago I posted a quick one-question survey on threat and compromise detection. I asked “Imagine that you have clearly identified top 3 critical information assets (systems, documents, databases, etc) that your organization has, what is your confidence level that you will detect a compromise of one of these assets by a malicious party within 7 days from the compromise event?”

Here is what came out:

detection-survey

Total responses: 85

Comments? Here are a few:

  • If you laser-focus your detection defenses [on just top 3 assets, in this example], you can actually score a WIN. Reduce what you watch – and win!
  • It seems that this survey was phrased in a way to really summon the spirit of optimism in security. Those voting “<50% chance to detect” were in the minority [44.7% of you] while “>50% chance to detect” [55.2% of the respondents] are in the majority. Rejoice the security community!
  • I was 100% sure that nobody will answer “100% sure to detect”, yet some did. Sure, you can hypothesize that those are all vendors, but maybe not: I think if you have only 3 eggs in your “critical eggs” basket, you CAN watch it really well and gain surety of detection….
  • Still, “<5%” has a spike. Think about it. This is the domain of the appropriately paranoid and/or severely under-resourced, IMHO.

There you have it – have fun with it! More one-question polls coming soon.

Possibly related blog posts:

Comments are closed